Merge pull request #408 from amshinde/remove-privileged-limitation

Limitations: Remove privileged flag limitation
Graham Whaley 2019-03-22 17:04:52 +00:00 committed by GitHub
commit 6301fbe458
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -220,10 +220,12 @@ See more documentation at
### docker run --privileged
The `docker run --privileged` command is not supported in the runtime.
There is no simple way to grant the VM access to all of the host devices that this command needs to be complete.
The `--privileged` option can be used with `runc` containers and inter-mixed with running Kata Containers. This enables use of `--privileged` when necessary.
Privileged support in Kata is essentially different from `runc` containers.
Kata does support `docker run --privileged` command, but in this case full access
to the guest VM is provided instead of the host.
The container runs with elevated capabilities within the guest and is granted
access to guest devices instead of the host devices.
This is also true with using `securityContext privileged=true` with Kubernetes.
# Miscellaneous
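Review bot: The new paragraph under `### docker run --privileged` says the container is "granted access to guest devices instead of the host devices" but never states the consequence for users: a workload that relies on `--privileged` to reach host devices will not see them under Kata. Please add one sentence saying so, since the section sits under Limitations and that is the behavior difference a reader is looking for. Two smaller points in the same paragraph: "essentially different from `runc` containers" reads more clearly as "differs from `runc` containers", and `securityContext privileged=true` does not match how the field is written in a pod spec, so consider spelling it as the `privileged: true` field of the container's `securityContext`.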